How to run apache httpd 2.4.6 with a self-signed certificate signed with an elliptic curve key...
up vote
0
down vote
favorite
I'm trying to run apache httpd 2.4.6 on CentOS 7.6 with a self-signed certificate signed with an elliptic curve key brainpoolP384t1, but apache is not accepting this as a valid key. I ensured all directives are poiting to the right place. The only problem is with apache not recognizing the key as valid. The key is not encrypted.
When I get to the ssl_error_log file, I get this (using pkcs8):
[Sun Dec 16 15:15:36.020090 2018] [ssl:error] [pid 8379:tid 140184667797632] AH02203: Init: Private key not found
[Sun Dec 16 15:15:36.020246 2018] [ssl:error] [pid 8379:tid 140184667797632] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Sun Dec 16 15:15:36.020297 2018] [ssl:error] [pid 8379:tid 140184667797632] SSL Library Error: error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
[Sun Dec 16 15:15:36.020327 2018] [ssl:error] [pid 8379:tid 140184667797632] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Sun Dec 16 15:15:36.020356 2018] [ssl:error] [pid 8379:tid 140184667797632] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=RSA)
[Sun Dec 16 15:15:36.020386 2018] [ssl:error] [pid 8379:tid 140184667797632] SSL Library Error: error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib
[Sun Dec 16 15:15:36.020415 2018] [ssl:error] [pid 8379:tid 140184667797632] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Sun Dec 16 15:15:36.020444 2018] [ssl:error] [pid 8379:tid 140184667797632] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=PKCS8_PRIV_KEY_INFO)
without pkcs8
[Mon Dec 17 01:24:47.455770 2018] [ssl:error] [pid 18124:tid 139679037429888] AH02203: Init: Private key not found
[Mon Dec 17 01:24:47.455902 2018] [ssl:error] [pid 18124:tid 139679037429888] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon Dec 17 01:24:47.456051 2018] [ssl:error] [pid 18124:tid 139679037429888] SSL Library Error: error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
[Mon Dec 17 01:24:47.456090 2018] [ssl:error] [pid 18124:tid 139679037429888] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon Dec 17 01:24:47.456121 2018] [ssl:error] [pid 18124:tid 139679037429888] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=RSA)
[Mon Dec 17 01:24:47.456152 2018] [ssl:error] [pid 18124:tid 139679037429888] SSL Library Error: error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib
[Mon Dec 17 01:24:47.456180 2018] [ssl:error] [pid 18124:tid 139679037429888] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon Dec 17 01:24:47.456210 2018] [ssl:error] [pid 18124:tid 139679037429888] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=PKCS8_PRIV_KEY_INFO)
NOTE: I've ran it with rsa key encrypted with aes-256-cbc, but now I want it with an ec key.
centos apache-httpd openssl certificates
|
show 4 more comments
up vote
0
down vote
favorite
I'm trying to run apache httpd 2.4.6 on CentOS 7.6 with a self-signed certificate signed with an elliptic curve key brainpoolP384t1, but apache is not accepting this as a valid key. I ensured all directives are poiting to the right place. The only problem is with apache not recognizing the key as valid. The key is not encrypted.
When I get to the ssl_error_log file, I get this (using pkcs8):
[Sun Dec 16 15:15:36.020090 2018] [ssl:error] [pid 8379:tid 140184667797632] AH02203: Init: Private key not found
[Sun Dec 16 15:15:36.020246 2018] [ssl:error] [pid 8379:tid 140184667797632] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Sun Dec 16 15:15:36.020297 2018] [ssl:error] [pid 8379:tid 140184667797632] SSL Library Error: error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
[Sun Dec 16 15:15:36.020327 2018] [ssl:error] [pid 8379:tid 140184667797632] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Sun Dec 16 15:15:36.020356 2018] [ssl:error] [pid 8379:tid 140184667797632] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=RSA)
[Sun Dec 16 15:15:36.020386 2018] [ssl:error] [pid 8379:tid 140184667797632] SSL Library Error: error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib
[Sun Dec 16 15:15:36.020415 2018] [ssl:error] [pid 8379:tid 140184667797632] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Sun Dec 16 15:15:36.020444 2018] [ssl:error] [pid 8379:tid 140184667797632] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=PKCS8_PRIV_KEY_INFO)
without pkcs8
[Mon Dec 17 01:24:47.455770 2018] [ssl:error] [pid 18124:tid 139679037429888] AH02203: Init: Private key not found
[Mon Dec 17 01:24:47.455902 2018] [ssl:error] [pid 18124:tid 139679037429888] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon Dec 17 01:24:47.456051 2018] [ssl:error] [pid 18124:tid 139679037429888] SSL Library Error: error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
[Mon Dec 17 01:24:47.456090 2018] [ssl:error] [pid 18124:tid 139679037429888] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon Dec 17 01:24:47.456121 2018] [ssl:error] [pid 18124:tid 139679037429888] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=RSA)
[Mon Dec 17 01:24:47.456152 2018] [ssl:error] [pid 18124:tid 139679037429888] SSL Library Error: error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib
[Mon Dec 17 01:24:47.456180 2018] [ssl:error] [pid 18124:tid 139679037429888] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon Dec 17 01:24:47.456210 2018] [ssl:error] [pid 18124:tid 139679037429888] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=PKCS8_PRIV_KEY_INFO)
NOTE: I've ran it with rsa key encrypted with aes-256-cbc, but now I want it with an ec key.
centos apache-httpd openssl certificates
Do you have private key and certificate in PEM format?
– Romeo Ninov
yesterday
Yes, I do. I've implemented it with a non - ec curve key, but now I want it with an ec curve key.
– El_Dorado
yesterday
Usually the errors you reported occur when attempting to use a non-x509 key. You should make sure that you keys and cert are in x509 and not pkcs8... as appears to be the case listed in the errors ... if the key and cert are in x509, this should not give any errorsopenssl x509 -in mykey.pem -text
– RubberStamp
yesterday
Well, actually it was in x509, but i was also getting errors. Later, i changed to pkcs8 to see if it would vanish but it still happen.
– El_Dorado
yesterday
Please update your question with the errors that occurred with the key and cert in x509.
– RubberStamp
yesterday
|
show 4 more comments
up vote
0
down vote
favorite
up vote
0
down vote
favorite
I'm trying to run apache httpd 2.4.6 on CentOS 7.6 with a self-signed certificate signed with an elliptic curve key brainpoolP384t1, but apache is not accepting this as a valid key. I ensured all directives are poiting to the right place. The only problem is with apache not recognizing the key as valid. The key is not encrypted.
When I get to the ssl_error_log file, I get this (using pkcs8):
[Sun Dec 16 15:15:36.020090 2018] [ssl:error] [pid 8379:tid 140184667797632] AH02203: Init: Private key not found
[Sun Dec 16 15:15:36.020246 2018] [ssl:error] [pid 8379:tid 140184667797632] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Sun Dec 16 15:15:36.020297 2018] [ssl:error] [pid 8379:tid 140184667797632] SSL Library Error: error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
[Sun Dec 16 15:15:36.020327 2018] [ssl:error] [pid 8379:tid 140184667797632] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Sun Dec 16 15:15:36.020356 2018] [ssl:error] [pid 8379:tid 140184667797632] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=RSA)
[Sun Dec 16 15:15:36.020386 2018] [ssl:error] [pid 8379:tid 140184667797632] SSL Library Error: error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib
[Sun Dec 16 15:15:36.020415 2018] [ssl:error] [pid 8379:tid 140184667797632] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Sun Dec 16 15:15:36.020444 2018] [ssl:error] [pid 8379:tid 140184667797632] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=PKCS8_PRIV_KEY_INFO)
without pkcs8
[Mon Dec 17 01:24:47.455770 2018] [ssl:error] [pid 18124:tid 139679037429888] AH02203: Init: Private key not found
[Mon Dec 17 01:24:47.455902 2018] [ssl:error] [pid 18124:tid 139679037429888] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon Dec 17 01:24:47.456051 2018] [ssl:error] [pid 18124:tid 139679037429888] SSL Library Error: error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
[Mon Dec 17 01:24:47.456090 2018] [ssl:error] [pid 18124:tid 139679037429888] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon Dec 17 01:24:47.456121 2018] [ssl:error] [pid 18124:tid 139679037429888] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=RSA)
[Mon Dec 17 01:24:47.456152 2018] [ssl:error] [pid 18124:tid 139679037429888] SSL Library Error: error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib
[Mon Dec 17 01:24:47.456180 2018] [ssl:error] [pid 18124:tid 139679037429888] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon Dec 17 01:24:47.456210 2018] [ssl:error] [pid 18124:tid 139679037429888] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=PKCS8_PRIV_KEY_INFO)
NOTE: I've ran it with rsa key encrypted with aes-256-cbc, but now I want it with an ec key.
centos apache-httpd openssl certificates
I'm trying to run apache httpd 2.4.6 on CentOS 7.6 with a self-signed certificate signed with an elliptic curve key brainpoolP384t1, but apache is not accepting this as a valid key. I ensured all directives are poiting to the right place. The only problem is with apache not recognizing the key as valid. The key is not encrypted.
When I get to the ssl_error_log file, I get this (using pkcs8):
[Sun Dec 16 15:15:36.020090 2018] [ssl:error] [pid 8379:tid 140184667797632] AH02203: Init: Private key not found
[Sun Dec 16 15:15:36.020246 2018] [ssl:error] [pid 8379:tid 140184667797632] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Sun Dec 16 15:15:36.020297 2018] [ssl:error] [pid 8379:tid 140184667797632] SSL Library Error: error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
[Sun Dec 16 15:15:36.020327 2018] [ssl:error] [pid 8379:tid 140184667797632] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Sun Dec 16 15:15:36.020356 2018] [ssl:error] [pid 8379:tid 140184667797632] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=RSA)
[Sun Dec 16 15:15:36.020386 2018] [ssl:error] [pid 8379:tid 140184667797632] SSL Library Error: error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib
[Sun Dec 16 15:15:36.020415 2018] [ssl:error] [pid 8379:tid 140184667797632] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Sun Dec 16 15:15:36.020444 2018] [ssl:error] [pid 8379:tid 140184667797632] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=PKCS8_PRIV_KEY_INFO)
without pkcs8
[Mon Dec 17 01:24:47.455770 2018] [ssl:error] [pid 18124:tid 139679037429888] AH02203: Init: Private key not found
[Mon Dec 17 01:24:47.455902 2018] [ssl:error] [pid 18124:tid 139679037429888] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon Dec 17 01:24:47.456051 2018] [ssl:error] [pid 18124:tid 139679037429888] SSL Library Error: error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
[Mon Dec 17 01:24:47.456090 2018] [ssl:error] [pid 18124:tid 139679037429888] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon Dec 17 01:24:47.456121 2018] [ssl:error] [pid 18124:tid 139679037429888] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=RSA)
[Mon Dec 17 01:24:47.456152 2018] [ssl:error] [pid 18124:tid 139679037429888] SSL Library Error: error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib
[Mon Dec 17 01:24:47.456180 2018] [ssl:error] [pid 18124:tid 139679037429888] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon Dec 17 01:24:47.456210 2018] [ssl:error] [pid 18124:tid 139679037429888] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=PKCS8_PRIV_KEY_INFO)
NOTE: I've ran it with rsa key encrypted with aes-256-cbc, but now I want it with an ec key.
centos apache-httpd openssl certificates
centos apache-httpd openssl certificates
edited 17 hours ago
asked yesterday
El_Dorado
357
357
Do you have private key and certificate in PEM format?
– Romeo Ninov
yesterday
Yes, I do. I've implemented it with a non - ec curve key, but now I want it with an ec curve key.
– El_Dorado
yesterday
Usually the errors you reported occur when attempting to use a non-x509 key. You should make sure that you keys and cert are in x509 and not pkcs8... as appears to be the case listed in the errors ... if the key and cert are in x509, this should not give any errorsopenssl x509 -in mykey.pem -text
– RubberStamp
yesterday
Well, actually it was in x509, but i was also getting errors. Later, i changed to pkcs8 to see if it would vanish but it still happen.
– El_Dorado
yesterday
Please update your question with the errors that occurred with the key and cert in x509.
– RubberStamp
yesterday
|
show 4 more comments
Do you have private key and certificate in PEM format?
– Romeo Ninov
yesterday
Yes, I do. I've implemented it with a non - ec curve key, but now I want it with an ec curve key.
– El_Dorado
yesterday
Usually the errors you reported occur when attempting to use a non-x509 key. You should make sure that you keys and cert are in x509 and not pkcs8... as appears to be the case listed in the errors ... if the key and cert are in x509, this should not give any errorsopenssl x509 -in mykey.pem -text
– RubberStamp
yesterday
Well, actually it was in x509, but i was also getting errors. Later, i changed to pkcs8 to see if it would vanish but it still happen.
– El_Dorado
yesterday
Please update your question with the errors that occurred with the key and cert in x509.
– RubberStamp
yesterday
Do you have private key and certificate in PEM format?
– Romeo Ninov
yesterday
Do you have private key and certificate in PEM format?
– Romeo Ninov
yesterday
Yes, I do. I've implemented it with a non - ec curve key, but now I want it with an ec curve key.
– El_Dorado
yesterday
Yes, I do. I've implemented it with a non - ec curve key, but now I want it with an ec curve key.
– El_Dorado
yesterday
Usually the errors you reported occur when attempting to use a non-x509 key. You should make sure that you keys and cert are in x509 and not pkcs8... as appears to be the case listed in the errors ... if the key and cert are in x509, this should not give any errors
openssl x509 -in mykey.pem -text
– RubberStamp
yesterday
Usually the errors you reported occur when attempting to use a non-x509 key. You should make sure that you keys and cert are in x509 and not pkcs8... as appears to be the case listed in the errors ... if the key and cert are in x509, this should not give any errors
openssl x509 -in mykey.pem -text
– RubberStamp
yesterday
Well, actually it was in x509, but i was also getting errors. Later, i changed to pkcs8 to see if it would vanish but it still happen.
– El_Dorado
yesterday
Well, actually it was in x509, but i was also getting errors. Later, i changed to pkcs8 to see if it would vanish but it still happen.
– El_Dorado
yesterday
Please update your question with the errors that occurred with the key and cert in x509.
– RubberStamp
yesterday
Please update your question with the errors that occurred with the key and cert in x509.
– RubberStamp
yesterday
|
show 4 more comments
1 Answer
1
active
oldest
votes
up vote
1
down vote
From the error messages it looks like your private key is in a pkcs#8 file. From RFC5958 the private key is likely in DER format:
Interoperability considerations:
The PKCS #8 object inside this media type MUST be DER-encoded
PrivateKeyInfo.
So, you probably need to convert your private key to PEM format:
openssl pkey -inform DER -in key.p8 -outform PEM -out key.pem
It's unclear from your question how you've created your keys and your certs. Here's a simple example that functions on my Debian Buster system.
Create an Elliptic Curve Private Key
openssl ecparam -out ec_key.pem -name brainpoolP384t1 -genkey
openssl pkey -in ec_key.pem -text
-----BEGIN PRIVATE KEY-----
MIG6AgEAMBQGByqGSM49AgEGCSskAwMCCAEBDASBnjCBmwIBAQQwKTnt9uvr1aJS
tXEsz3MCtPbojeYvDKOXm9eEllpsErzSdeBUs0c7kyJYnY00N9pwoWQDYgAED2+w
xryVMzZh/nW6mUx3WxWTjXf02/17sZPpkKHcqtj3TObcA7yjpwNs+PriRBEkiyuU
jbXdeTjr79xTLcElXIvJkEp5vu4qijBQ8CRdqc5BZgGWw0vV84xNtB5xKOpc
-----END PRIVATE KEY-----
Private-Key: (384 bit)
priv:
29:39:ed:f6:eb:eb:d5:a2:52:b5:71:2c:cf:73:02:
b4:f6:e8:8d:e6:2f:0c:a3:97:9b:d7:84:96:5a:6c:
12:bc:d2:75:e0:54:b3:47:3b:93:22:58:9d:8d:34:
37:da:70
pub:
04:0f:6f:b0:c6:bc:95:33:36:61:fe:75:ba:99:4c:
77:5b:15:93:8d:77:f4:db:fd:7b:b1:93:e9:90:a1:
dc:aa:d8:f7:4c:e6:dc:03:bc:a3:a7:03:6c:f8:fa:
e2:44:11:24:8b:2b:94:8d:b5:dd:79:38:eb:ef:dc:
53:2d:c1:25:5c:8b:c9:90:4a:79:be:ee:2a:8a:30:
50:f0:24:5d:a9:ce:41:66:01:96:c3:4b:d5:f3:8c:
4d:b4:1e:71:28:ea:5c
ASN1 OID: brainpoolP384t1
It's important to note that this particular curve is not compatible with the majority of browsers or commonly used client software.
So, here's an example of generating a NIST curve EC key, which is compatible with most browsers and commonly used client software.
Create NIST EC Key
openssl ecparam -out ec_key_nist.pem -name secp384r1 -genkey
openssl pkey -in ec_key_nist.pem -text
-----BEGIN PRIVATE KEY-----
MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDB1sa6wudssPDi6sfEg
V7J4xTkn3WF4veaMbcw4GAcL8PUrciXjt5jg8J3wbyvB9ZGhZANiAARLBE/WuM1e
DjYNETD+2oEoej6ZbhDvIRbxqxBBuvVna1hQQW76h3MsavEtBNbkAQZHQ9KZCScg
td5N/OhqQ+K7qXSr7F0KHTp49D9grufK+R6/uNoXtT8yiHO5yAI4lok=
-----END PRIVATE KEY-----
Private-Key: (384 bit)
priv:
75:b1:ae:b0:b9:db:2c:3c:38:ba:b1:f1:20:57:b2:
78:c5:39:27:dd:61:78:bd:e6:8c:6d:cc:38:18:07:
0b:f0:f5:2b:72:25:e3:b7:98:e0:f0:9d:f0:6f:2b:
c1:f5:91
pub:
04:4b:04:4f:d6:b8:cd:5e:0e:36:0d:11:30:fe:da:
81:28:7a:3e:99:6e:10:ef:21:16:f1:ab:10:41:ba:
f5:67:6b:58:50:41:6e:fa:87:73:2c:6a:f1:2d:04:
d6:e4:01:06:47:43:d2:99:09:27:20:b5:de:4d:fc:
e8:6a:43:e2:bb:a9:74:ab:ec:5d:0a:1d:3a:78:f4:
3f:60:ae:e7:ca:f9:1e:bf:b8:da:17:b5:3f:32:88:
73:b9:c8:02:38:96:89
ASN1 OID: secp384r1
NIST CURVE: P-384
Create the self-signed server certificate
Once you've got a key generated, the self-signed server cert is a one liner:
openssl req -new -key ec_key.pem -x509 -nodes -days 365 -out cert.pem
After testing with both EC keys, it is confirmed that brainpoolP384t1
is a non-functioning curve for any of my browsers. However, the NIST EC key and cert worked as expected with all my client software.
Tested Software:
- Brave Browser (0.25.2)
- Firefox (60.3.0)
- Sylpheed (3.7.0)
- Lynx (2.8.9rel.1)
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "106"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f489306%2fhow-to-run-apache-httpd-2-4-6-with-a-self-signed-certificate-signed-with-an-elli%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
1
down vote
From the error messages it looks like your private key is in a pkcs#8 file. From RFC5958 the private key is likely in DER format:
Interoperability considerations:
The PKCS #8 object inside this media type MUST be DER-encoded
PrivateKeyInfo.
So, you probably need to convert your private key to PEM format:
openssl pkey -inform DER -in key.p8 -outform PEM -out key.pem
It's unclear from your question how you've created your keys and your certs. Here's a simple example that functions on my Debian Buster system.
Create an Elliptic Curve Private Key
openssl ecparam -out ec_key.pem -name brainpoolP384t1 -genkey
openssl pkey -in ec_key.pem -text
-----BEGIN PRIVATE KEY-----
MIG6AgEAMBQGByqGSM49AgEGCSskAwMCCAEBDASBnjCBmwIBAQQwKTnt9uvr1aJS
tXEsz3MCtPbojeYvDKOXm9eEllpsErzSdeBUs0c7kyJYnY00N9pwoWQDYgAED2+w
xryVMzZh/nW6mUx3WxWTjXf02/17sZPpkKHcqtj3TObcA7yjpwNs+PriRBEkiyuU
jbXdeTjr79xTLcElXIvJkEp5vu4qijBQ8CRdqc5BZgGWw0vV84xNtB5xKOpc
-----END PRIVATE KEY-----
Private-Key: (384 bit)
priv:
29:39:ed:f6:eb:eb:d5:a2:52:b5:71:2c:cf:73:02:
b4:f6:e8:8d:e6:2f:0c:a3:97:9b:d7:84:96:5a:6c:
12:bc:d2:75:e0:54:b3:47:3b:93:22:58:9d:8d:34:
37:da:70
pub:
04:0f:6f:b0:c6:bc:95:33:36:61:fe:75:ba:99:4c:
77:5b:15:93:8d:77:f4:db:fd:7b:b1:93:e9:90:a1:
dc:aa:d8:f7:4c:e6:dc:03:bc:a3:a7:03:6c:f8:fa:
e2:44:11:24:8b:2b:94:8d:b5:dd:79:38:eb:ef:dc:
53:2d:c1:25:5c:8b:c9:90:4a:79:be:ee:2a:8a:30:
50:f0:24:5d:a9:ce:41:66:01:96:c3:4b:d5:f3:8c:
4d:b4:1e:71:28:ea:5c
ASN1 OID: brainpoolP384t1
It's important to note that this particular curve is not compatible with the majority of browsers or commonly used client software.
So, here's an example of generating a NIST curve EC key, which is compatible with most browsers and commonly used client software.
Create NIST EC Key
openssl ecparam -out ec_key_nist.pem -name secp384r1 -genkey
openssl pkey -in ec_key_nist.pem -text
-----BEGIN PRIVATE KEY-----
MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDB1sa6wudssPDi6sfEg
V7J4xTkn3WF4veaMbcw4GAcL8PUrciXjt5jg8J3wbyvB9ZGhZANiAARLBE/WuM1e
DjYNETD+2oEoej6ZbhDvIRbxqxBBuvVna1hQQW76h3MsavEtBNbkAQZHQ9KZCScg
td5N/OhqQ+K7qXSr7F0KHTp49D9grufK+R6/uNoXtT8yiHO5yAI4lok=
-----END PRIVATE KEY-----
Private-Key: (384 bit)
priv:
75:b1:ae:b0:b9:db:2c:3c:38:ba:b1:f1:20:57:b2:
78:c5:39:27:dd:61:78:bd:e6:8c:6d:cc:38:18:07:
0b:f0:f5:2b:72:25:e3:b7:98:e0:f0:9d:f0:6f:2b:
c1:f5:91
pub:
04:4b:04:4f:d6:b8:cd:5e:0e:36:0d:11:30:fe:da:
81:28:7a:3e:99:6e:10:ef:21:16:f1:ab:10:41:ba:
f5:67:6b:58:50:41:6e:fa:87:73:2c:6a:f1:2d:04:
d6:e4:01:06:47:43:d2:99:09:27:20:b5:de:4d:fc:
e8:6a:43:e2:bb:a9:74:ab:ec:5d:0a:1d:3a:78:f4:
3f:60:ae:e7:ca:f9:1e:bf:b8:da:17:b5:3f:32:88:
73:b9:c8:02:38:96:89
ASN1 OID: secp384r1
NIST CURVE: P-384
Create the self-signed server certificate
Once you've got a key generated, the self-signed server cert is a one liner:
openssl req -new -key ec_key.pem -x509 -nodes -days 365 -out cert.pem
After testing with both EC keys, it is confirmed that brainpoolP384t1
is a non-functioning curve for any of my browsers. However, the NIST EC key and cert worked as expected with all my client software.
Tested Software:
- Brave Browser (0.25.2)
- Firefox (60.3.0)
- Sylpheed (3.7.0)
- Lynx (2.8.9rel.1)
add a comment |
up vote
1
down vote
From the error messages it looks like your private key is in a pkcs#8 file. From RFC5958 the private key is likely in DER format:
Interoperability considerations:
The PKCS #8 object inside this media type MUST be DER-encoded
PrivateKeyInfo.
So, you probably need to convert your private key to PEM format:
openssl pkey -inform DER -in key.p8 -outform PEM -out key.pem
It's unclear from your question how you've created your keys and your certs. Here's a simple example that functions on my Debian Buster system.
Create an Elliptic Curve Private Key
openssl ecparam -out ec_key.pem -name brainpoolP384t1 -genkey
openssl pkey -in ec_key.pem -text
-----BEGIN PRIVATE KEY-----
MIG6AgEAMBQGByqGSM49AgEGCSskAwMCCAEBDASBnjCBmwIBAQQwKTnt9uvr1aJS
tXEsz3MCtPbojeYvDKOXm9eEllpsErzSdeBUs0c7kyJYnY00N9pwoWQDYgAED2+w
xryVMzZh/nW6mUx3WxWTjXf02/17sZPpkKHcqtj3TObcA7yjpwNs+PriRBEkiyuU
jbXdeTjr79xTLcElXIvJkEp5vu4qijBQ8CRdqc5BZgGWw0vV84xNtB5xKOpc
-----END PRIVATE KEY-----
Private-Key: (384 bit)
priv:
29:39:ed:f6:eb:eb:d5:a2:52:b5:71:2c:cf:73:02:
b4:f6:e8:8d:e6:2f:0c:a3:97:9b:d7:84:96:5a:6c:
12:bc:d2:75:e0:54:b3:47:3b:93:22:58:9d:8d:34:
37:da:70
pub:
04:0f:6f:b0:c6:bc:95:33:36:61:fe:75:ba:99:4c:
77:5b:15:93:8d:77:f4:db:fd:7b:b1:93:e9:90:a1:
dc:aa:d8:f7:4c:e6:dc:03:bc:a3:a7:03:6c:f8:fa:
e2:44:11:24:8b:2b:94:8d:b5:dd:79:38:eb:ef:dc:
53:2d:c1:25:5c:8b:c9:90:4a:79:be:ee:2a:8a:30:
50:f0:24:5d:a9:ce:41:66:01:96:c3:4b:d5:f3:8c:
4d:b4:1e:71:28:ea:5c
ASN1 OID: brainpoolP384t1
It's important to note that this particular curve is not compatible with the majority of browsers or commonly used client software.
So, here's an example of generating a NIST curve EC key, which is compatible with most browsers and commonly used client software.
Create NIST EC Key
openssl ecparam -out ec_key_nist.pem -name secp384r1 -genkey
openssl pkey -in ec_key_nist.pem -text
-----BEGIN PRIVATE KEY-----
MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDB1sa6wudssPDi6sfEg
V7J4xTkn3WF4veaMbcw4GAcL8PUrciXjt5jg8J3wbyvB9ZGhZANiAARLBE/WuM1e
DjYNETD+2oEoej6ZbhDvIRbxqxBBuvVna1hQQW76h3MsavEtBNbkAQZHQ9KZCScg
td5N/OhqQ+K7qXSr7F0KHTp49D9grufK+R6/uNoXtT8yiHO5yAI4lok=
-----END PRIVATE KEY-----
Private-Key: (384 bit)
priv:
75:b1:ae:b0:b9:db:2c:3c:38:ba:b1:f1:20:57:b2:
78:c5:39:27:dd:61:78:bd:e6:8c:6d:cc:38:18:07:
0b:f0:f5:2b:72:25:e3:b7:98:e0:f0:9d:f0:6f:2b:
c1:f5:91
pub:
04:4b:04:4f:d6:b8:cd:5e:0e:36:0d:11:30:fe:da:
81:28:7a:3e:99:6e:10:ef:21:16:f1:ab:10:41:ba:
f5:67:6b:58:50:41:6e:fa:87:73:2c:6a:f1:2d:04:
d6:e4:01:06:47:43:d2:99:09:27:20:b5:de:4d:fc:
e8:6a:43:e2:bb:a9:74:ab:ec:5d:0a:1d:3a:78:f4:
3f:60:ae:e7:ca:f9:1e:bf:b8:da:17:b5:3f:32:88:
73:b9:c8:02:38:96:89
ASN1 OID: secp384r1
NIST CURVE: P-384
Create the self-signed server certificate
Once you've got a key generated, the self-signed server cert is a one liner:
openssl req -new -key ec_key.pem -x509 -nodes -days 365 -out cert.pem
After testing with both EC keys, it is confirmed that brainpoolP384t1
is a non-functioning curve for any of my browsers. However, the NIST EC key and cert worked as expected with all my client software.
Tested Software:
- Brave Browser (0.25.2)
- Firefox (60.3.0)
- Sylpheed (3.7.0)
- Lynx (2.8.9rel.1)
add a comment |
up vote
1
down vote
up vote
1
down vote
From the error messages it looks like your private key is in a pkcs#8 file. From RFC5958 the private key is likely in DER format:
Interoperability considerations:
The PKCS #8 object inside this media type MUST be DER-encoded
PrivateKeyInfo.
So, you probably need to convert your private key to PEM format:
openssl pkey -inform DER -in key.p8 -outform PEM -out key.pem
It's unclear from your question how you've created your keys and your certs. Here's a simple example that functions on my Debian Buster system.
Create an Elliptic Curve Private Key
openssl ecparam -out ec_key.pem -name brainpoolP384t1 -genkey
openssl pkey -in ec_key.pem -text
-----BEGIN PRIVATE KEY-----
MIG6AgEAMBQGByqGSM49AgEGCSskAwMCCAEBDASBnjCBmwIBAQQwKTnt9uvr1aJS
tXEsz3MCtPbojeYvDKOXm9eEllpsErzSdeBUs0c7kyJYnY00N9pwoWQDYgAED2+w
xryVMzZh/nW6mUx3WxWTjXf02/17sZPpkKHcqtj3TObcA7yjpwNs+PriRBEkiyuU
jbXdeTjr79xTLcElXIvJkEp5vu4qijBQ8CRdqc5BZgGWw0vV84xNtB5xKOpc
-----END PRIVATE KEY-----
Private-Key: (384 bit)
priv:
29:39:ed:f6:eb:eb:d5:a2:52:b5:71:2c:cf:73:02:
b4:f6:e8:8d:e6:2f:0c:a3:97:9b:d7:84:96:5a:6c:
12:bc:d2:75:e0:54:b3:47:3b:93:22:58:9d:8d:34:
37:da:70
pub:
04:0f:6f:b0:c6:bc:95:33:36:61:fe:75:ba:99:4c:
77:5b:15:93:8d:77:f4:db:fd:7b:b1:93:e9:90:a1:
dc:aa:d8:f7:4c:e6:dc:03:bc:a3:a7:03:6c:f8:fa:
e2:44:11:24:8b:2b:94:8d:b5:dd:79:38:eb:ef:dc:
53:2d:c1:25:5c:8b:c9:90:4a:79:be:ee:2a:8a:30:
50:f0:24:5d:a9:ce:41:66:01:96:c3:4b:d5:f3:8c:
4d:b4:1e:71:28:ea:5c
ASN1 OID: brainpoolP384t1
It's important to note that this particular curve is not compatible with the majority of browsers or commonly used client software.
So, here's an example of generating a NIST curve EC key, which is compatible with most browsers and commonly used client software.
Create NIST EC Key
openssl ecparam -out ec_key_nist.pem -name secp384r1 -genkey
openssl pkey -in ec_key_nist.pem -text
-----BEGIN PRIVATE KEY-----
MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDB1sa6wudssPDi6sfEg
V7J4xTkn3WF4veaMbcw4GAcL8PUrciXjt5jg8J3wbyvB9ZGhZANiAARLBE/WuM1e
DjYNETD+2oEoej6ZbhDvIRbxqxBBuvVna1hQQW76h3MsavEtBNbkAQZHQ9KZCScg
td5N/OhqQ+K7qXSr7F0KHTp49D9grufK+R6/uNoXtT8yiHO5yAI4lok=
-----END PRIVATE KEY-----
Private-Key: (384 bit)
priv:
75:b1:ae:b0:b9:db:2c:3c:38:ba:b1:f1:20:57:b2:
78:c5:39:27:dd:61:78:bd:e6:8c:6d:cc:38:18:07:
0b:f0:f5:2b:72:25:e3:b7:98:e0:f0:9d:f0:6f:2b:
c1:f5:91
pub:
04:4b:04:4f:d6:b8:cd:5e:0e:36:0d:11:30:fe:da:
81:28:7a:3e:99:6e:10:ef:21:16:f1:ab:10:41:ba:
f5:67:6b:58:50:41:6e:fa:87:73:2c:6a:f1:2d:04:
d6:e4:01:06:47:43:d2:99:09:27:20:b5:de:4d:fc:
e8:6a:43:e2:bb:a9:74:ab:ec:5d:0a:1d:3a:78:f4:
3f:60:ae:e7:ca:f9:1e:bf:b8:da:17:b5:3f:32:88:
73:b9:c8:02:38:96:89
ASN1 OID: secp384r1
NIST CURVE: P-384
Create the self-signed server certificate
Once you've got a key generated, the self-signed server cert is a one liner:
openssl req -new -key ec_key.pem -x509 -nodes -days 365 -out cert.pem
After testing with both EC keys, it is confirmed that brainpoolP384t1
is a non-functioning curve for any of my browsers. However, the NIST EC key and cert worked as expected with all my client software.
Tested Software:
- Brave Browser (0.25.2)
- Firefox (60.3.0)
- Sylpheed (3.7.0)
- Lynx (2.8.9rel.1)
From the error messages it looks like your private key is in a pkcs#8 file. From RFC5958 the private key is likely in DER format:
Interoperability considerations:
The PKCS #8 object inside this media type MUST be DER-encoded
PrivateKeyInfo.
So, you probably need to convert your private key to PEM format:
openssl pkey -inform DER -in key.p8 -outform PEM -out key.pem
It's unclear from your question how you've created your keys and your certs. Here's a simple example that functions on my Debian Buster system.
Create an Elliptic Curve Private Key
openssl ecparam -out ec_key.pem -name brainpoolP384t1 -genkey
openssl pkey -in ec_key.pem -text
-----BEGIN PRIVATE KEY-----
MIG6AgEAMBQGByqGSM49AgEGCSskAwMCCAEBDASBnjCBmwIBAQQwKTnt9uvr1aJS
tXEsz3MCtPbojeYvDKOXm9eEllpsErzSdeBUs0c7kyJYnY00N9pwoWQDYgAED2+w
xryVMzZh/nW6mUx3WxWTjXf02/17sZPpkKHcqtj3TObcA7yjpwNs+PriRBEkiyuU
jbXdeTjr79xTLcElXIvJkEp5vu4qijBQ8CRdqc5BZgGWw0vV84xNtB5xKOpc
-----END PRIVATE KEY-----
Private-Key: (384 bit)
priv:
29:39:ed:f6:eb:eb:d5:a2:52:b5:71:2c:cf:73:02:
b4:f6:e8:8d:e6:2f:0c:a3:97:9b:d7:84:96:5a:6c:
12:bc:d2:75:e0:54:b3:47:3b:93:22:58:9d:8d:34:
37:da:70
pub:
04:0f:6f:b0:c6:bc:95:33:36:61:fe:75:ba:99:4c:
77:5b:15:93:8d:77:f4:db:fd:7b:b1:93:e9:90:a1:
dc:aa:d8:f7:4c:e6:dc:03:bc:a3:a7:03:6c:f8:fa:
e2:44:11:24:8b:2b:94:8d:b5:dd:79:38:eb:ef:dc:
53:2d:c1:25:5c:8b:c9:90:4a:79:be:ee:2a:8a:30:
50:f0:24:5d:a9:ce:41:66:01:96:c3:4b:d5:f3:8c:
4d:b4:1e:71:28:ea:5c
ASN1 OID: brainpoolP384t1
It's important to note that this particular curve is not compatible with the majority of browsers or commonly used client software.
So, here's an example of generating a NIST curve EC key, which is compatible with most browsers and commonly used client software.
Create NIST EC Key
openssl ecparam -out ec_key_nist.pem -name secp384r1 -genkey
openssl pkey -in ec_key_nist.pem -text
-----BEGIN PRIVATE KEY-----
MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDB1sa6wudssPDi6sfEg
V7J4xTkn3WF4veaMbcw4GAcL8PUrciXjt5jg8J3wbyvB9ZGhZANiAARLBE/WuM1e
DjYNETD+2oEoej6ZbhDvIRbxqxBBuvVna1hQQW76h3MsavEtBNbkAQZHQ9KZCScg
td5N/OhqQ+K7qXSr7F0KHTp49D9grufK+R6/uNoXtT8yiHO5yAI4lok=
-----END PRIVATE KEY-----
Private-Key: (384 bit)
priv:
75:b1:ae:b0:b9:db:2c:3c:38:ba:b1:f1:20:57:b2:
78:c5:39:27:dd:61:78:bd:e6:8c:6d:cc:38:18:07:
0b:f0:f5:2b:72:25:e3:b7:98:e0:f0:9d:f0:6f:2b:
c1:f5:91
pub:
04:4b:04:4f:d6:b8:cd:5e:0e:36:0d:11:30:fe:da:
81:28:7a:3e:99:6e:10:ef:21:16:f1:ab:10:41:ba:
f5:67:6b:58:50:41:6e:fa:87:73:2c:6a:f1:2d:04:
d6:e4:01:06:47:43:d2:99:09:27:20:b5:de:4d:fc:
e8:6a:43:e2:bb:a9:74:ab:ec:5d:0a:1d:3a:78:f4:
3f:60:ae:e7:ca:f9:1e:bf:b8:da:17:b5:3f:32:88:
73:b9:c8:02:38:96:89
ASN1 OID: secp384r1
NIST CURVE: P-384
Create the self-signed server certificate
Once you've got a key generated, the self-signed server cert is a one liner:
openssl req -new -key ec_key.pem -x509 -nodes -days 365 -out cert.pem
After testing with both EC keys, it is confirmed that brainpoolP384t1
is a non-functioning curve for any of my browsers. However, the NIST EC key and cert worked as expected with all my client software.
Tested Software:
- Brave Browser (0.25.2)
- Firefox (60.3.0)
- Sylpheed (3.7.0)
- Lynx (2.8.9rel.1)
edited 17 hours ago
answered yesterday
RubberStamp
1,7801518
1,7801518
add a comment |
add a comment |
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f489306%2fhow-to-run-apache-httpd-2-4-6-with-a-self-signed-certificate-signed-with-an-elli%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Do you have private key and certificate in PEM format?
– Romeo Ninov
yesterday
Yes, I do. I've implemented it with a non - ec curve key, but now I want it with an ec curve key.
– El_Dorado
yesterday
Usually the errors you reported occur when attempting to use a non-x509 key. You should make sure that you keys and cert are in x509 and not pkcs8... as appears to be the case listed in the errors ... if the key and cert are in x509, this should not give any errors
openssl x509 -in mykey.pem -text
– RubberStamp
yesterday
Well, actually it was in x509, but i was also getting errors. Later, i changed to pkcs8 to see if it would vanish but it still happen.
– El_Dorado
yesterday
Please update your question with the errors that occurred with the key and cert in x509.
– RubberStamp
yesterday